Monitoring Splunk

ta-postgres Authentication issue

marcoscala
Builder

hi!
I'm trying to monitor a Postgres DB using the ta-postgres TA.

I have an authentication issue: the DBA created a user "splunk" and provided me with the password. I have tried the following configuration options in ta-postgres/local/postgrestats.conf:

Option 1.
[default]
defaultdb =
host = host.domain
port = 5432
user = splunk
password = {md5}splunk83fef3dd6477

Option 2.
[default]
defaultdb =
host = host.domain
port = 5432
user = splunk
password = md5bacb6374010b3f7af42dc7a670da9db4
(md5 coded password from the postgres db)

In both cases I get the following error message on the DB in the "postgresql*.log :
UTC FATAL: password authentication failed for user "splunk"

Thanks for support!!!

Tags (1)
0 Karma
1 Solution

marcoscala
Builder

Actually, digging in the code of the ta, we found that the bin/postgrestats.py uses the connect method from psycopg2:

psycopg2.connect(connect_string(defaultdb, dbhost, dbport, dbuser, dbpassword))

Cheching online it looks like the dbpassword must be passed NOT MD5ed...

so the working final config for me was:

password = splunk83fef3dd6477

with the password in clear!!!

Hope this will help!!!

View solution in original post

0 Karma

marcoscala
Builder

Actually, digging in the code of the ta, we found that the bin/postgrestats.py uses the connect method from psycopg2:

psycopg2.connect(connect_string(defaultdb, dbhost, dbport, dbuser, dbpassword))

Cheching online it looks like the dbpassword must be passed NOT MD5ed...

so the working final config for me was:

password = splunk83fef3dd6477

with the password in clear!!!

Hope this will help!!!

0 Karma

marcoscala
Builder

Here is the source of our findings:

https://wiki.postgresql.org/wiki/Psycopg2_Tutorial

0 Karma
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...